Unlocking SAM cards

2024-02-22Last updated

Storing cryptographic keys on MIFARE Secure Access Module (SAM) cards instead of the Synergis™ key store increases security because the keys cannot be retrieved. The SAM cards must be unlocked to interact with Synergis™ Cloud Link for cryptographic operations.

Before you begin

  • Configure a Synergis Cloud Link 312 unit.
    Note: You need a Synergis Cloud Link 312 unit to store the SAM card keys. For more information on Synergis Cloud Link 312 preparation, see Installing SAM cards on a Synergis Cloud Link 312.
  • Configure SAM cards using a SAM production tool, and install up to three cards.
    Note: If you install more than one SAM card, the cards must have the same keys. Having multiple SAM cards installed allows for faster card reads and access decisions on units with heavy access control activity.

Procedure

  1. Log on to the Synergis Cloud Link 312 unit.
  2. Click Configuration > Synergis™ key store .
  3. At the top of the key list, click .
  4. In the Create new version dialog box, do the following:
    Create new version dialog box on the Synergis key store page of the Synergis™ Appliance Portal.
    1. Select SAM host authentication.
    2. In the Components field, enter the host authentication keys that you configured in the SAM production tool, and click Add.
    3. Click OK.
  5. Click Configuration > SAM card .
    SAM card page in the Synergis™ Appliance Portal.
  6. In the SAM card host authentication configuration section, enter the key number and key version of the host authentication key stored on the SAM card.
  7. In the SAM controller status section, verify that the SAM cards were inserted and configured correctly.
    You can have up to three SAM cards installed. Each expansion slot can have one of the following statuses:
    OK
    A SAM card is inserted and the host authentication key, key number, and version number are valid.
    SAM card unlock failed
    A SAM card is inserted, but the host authentication key, key number, or version number do not match those on the card.
    No SAM card inserted
    There is no SAM card in the expansion slot.

After you finish

Enroll STid or OSDP readers, or configure enrolled readers.